[apple/security.git] / OSX / libsecurity_apple_csp / lib / opensshCoding.cpp

/*
 * Copyright (c) 2006,2011-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


/*
 * opensshCoding.cpp - Encoding and decoding of OpenSSH format public keys.
 *
 */

#include "opensshCoding.h"
#include <CoreFoundation/CFData.h>
#include <openssl/bn_legacy.h>
#include <openssl/crypto_legacy.h>
#include <security_cdsa_utils/cuEnc64.h>

#define SSH2_RSA_HEADER		"ssh-rsa"
#define SSH2_DSA_HEADER		"ssh-dss"

#ifndef	NDEBUG
#include <stdio.h>
#define dprintf(s...)		printf(s)
#else
#define dprintf(...)
#endif

#pragma mark --- commmon code --- 

uint32_t readUint32(
	const unsigned char *&cp,		// IN/OUT
	unsigned &len)					// IN/OUT 
{
	uint32_t r = 0;
	
	for(unsigned dex=0; dex<sizeof(uint32_t); dex++) {
		r <<= 8;
		r |= *cp++;
	}
	len -= 4;
	return r;
}

void appendUint32(
	CFMutableDataRef cfOut,
	uint32_t ui)
{
	UInt8 buf[sizeof(uint32_t)];
	
	for(int dex=(sizeof(uint32_t) - 1); dex>=0; dex--) {
		buf[dex] = ui & 0xff;
		ui >>= 8;
	}
	CFDataAppendBytes(cfOut, buf, sizeof(uint32_t));
}


/* parse text as decimal, return BIGNUM */
static BIGNUM *parseDecimalBn(
	const unsigned char *cp,
	unsigned len)
{
	for(unsigned dex=0; dex<len; dex++) {
		char c = *cp;
		if((c < '0') || (c > '9')) {
			return NULL;
		}
	}
	char *str = (char *)malloc(len + 1);
	memmove(str, cp, len);
	str[len] = '\0';
	BIGNUM *bn = NULL;
	BN_dec2bn(&bn, str);
	free(str);
	return bn;
}
	
/* write BIGNUM, OpenSSH v2 format (with a 4-byte byte count) */
static CSSM_RETURN appendBigNum2(
	CFMutableDataRef cfOut,
	const BIGNUM *bn)
{
	if(bn == NULL) {
		dprintf("appendBigNum2: NULL bn");
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if (BN_is_zero(bn)) {
		appendUint32(cfOut, 0);
		return 0;
	}
	if(bn->neg) {
		dprintf("appendBigNum2: negative numbers not supported\n");
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	int numBytes = BN_num_bytes(bn);
	unsigned char *buf = (unsigned char*)malloc(numBytes);
	if (buf == NULL) {
		dprintf("appendBigNum: Cannot allocate a temp BN buffer\n");
		return CSSMERR_CSSM_MEMORY_ERROR;
	}
	int moved = BN_bn2bin(bn, buf);
	if(moved != numBytes) {
		dprintf("appendBigNum: BN_bn2bin() screwup\n");
		free(buf);
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	bool appendZero = false;
	if(buf[0] & 0x80) {
		/* prepend leading zero to make it positive */
		appendZero = true;
		numBytes++;		// to encode the correct 4-byte length 
	}
	appendUint32(cfOut, (uint32_t)numBytes);
	if(appendZero) {
		UInt8 z = 0;
		CFDataAppendBytes(cfOut, &z, 1);
		numBytes--;		// to append the correct number of bytes
	}
	CFDataAppendBytes(cfOut, buf, numBytes);
	memset(buf, 0, numBytes);
	free(buf);
	return CSSM_OK;
}

/* read BIGNUM, OpenSSH-2 mpint version */
static BIGNUM *readBigNum2(
	const unsigned char *&cp,	// IN/OUT
	unsigned &remLen)			// IN/OUT
{
	if(remLen < 4) {
		dprintf("readBigNum2: short record(1)\n");
		return NULL;
	}
	uint32_t bytes = readUint32(cp, remLen);
	if(remLen < bytes) {
		dprintf("readBigNum2: short record(2)\n");
		return NULL;
	}
	BIGNUM *bn = BN_bin2bn(cp, bytes, NULL);
	if(bn == NULL) {
		dprintf("readBigNum2: BN_bin2bn error\n");
		return NULL;
	}
	cp += bytes;
	remLen -= bytes;
	return bn;
}

/* Write BIGNUM, OpenSSH-1 decimal (public key) version */
static CSSM_RETURN appendBigNumDec(
	CFMutableDataRef cfOut, 
	const BIGNUM *bn)
{
	char *buf = BN_bn2dec(bn);
	if(buf == NULL) {
		dprintf("appendBigNumDec: BN_bn2dec() error");
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	CFDataAppendBytes(cfOut, (const UInt8 *)buf, strlen(buf));
	Free(buf);
	return CSSM_OK;
}

/* write string, OpenSSH v2 format (with a 4-byte byte count) */
static void appendString(
	CFMutableDataRef cfOut,
	const char *str,
	unsigned strLen)
{
	appendUint32(cfOut, (uint32_t)strLen);
	CFDataAppendBytes(cfOut, (UInt8 *)str, strLen);
}

/* skip whitespace */
static void skipWhite(
	const unsigned char *&cp,
	unsigned &bytesLeft)
{
	while(bytesLeft != 0) {
		if(isspace((int)(*cp))) {
			cp++;
			bytesLeft--;
		}
		else {
			return;
		}
	}
}

/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */
static const unsigned char *findNextWhite(
	const unsigned char *cp,
	unsigned &bytesLeft)
{
	while(bytesLeft != 0) {
		if(isspace((int)(*cp))) {
			return cp;
		}
		cp++;
		bytesLeft--;
	}
	return cp;
}


/* 
 * Decode components from an SSHv2 public key.
 * Also verifies the leading header, e.g. "ssh-rsa".
 * The returned decodedBlob is algorithm-specific.
 */
static CSSM_RETURN parseSSH2PubKey(
	const unsigned char *key,
	unsigned keyLen,
	const char *header,				// SSH2_RSA_HEADER, SSH2_DSA_HEADER
	unsigned char **decodedBlob,	// mallocd and RETURNED
	unsigned *decodedBlobLen)		// RETURNED
{
	size_t len = strlen(header);
	*decodedBlob = NULL;
	
	/* ID string plus at least one space */
	if(keyLen < (len + 1)) {
		dprintf("parseSSH2PubKey: short record(1)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	
	if(memcmp(header, key, len)) {
		dprintf("parseSSH2PubKey: bad header (1)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	key += len;
	if(*key++ != ' ') {
		dprintf("parseSSH2PubKey: bad header (2)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	keyLen -= (len + 1);

	/* key points to first whitespace after header */
	skipWhite(key, keyLen);
	if(keyLen == 0) {
		dprintf("parseSSH2PubKey: short key\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	
	/* key is start of base64 blob */
	const unsigned char *encodedBlob = key;
	const unsigned char *endBlob = findNextWhite(key, keyLen);
	unsigned encodedBlobLen = (unsigned)(endBlob - encodedBlob);
	
	/* decode base 64 */
	*decodedBlob = cuDec64(encodedBlob, encodedBlobLen, decodedBlobLen);
	if(*decodedBlob == NULL) {
		dprintf("parseSSH2PubKey: base64 decode error\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	
	/* skip remainder; it's comment */
	
	return CSSM_OK;
}
	

#pragma mark -- RSA OpenSSHv1 ---

CSSM_RETURN RSAPublicKeyEncodeOpenSSH1(
	RSA 			*rsa, 
	const CssmData	&descData,
	CssmOwnedData	&encodedKey)
{
	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
	CSSM_RETURN ourRtn = CSSM_OK;
	
	/*
	 * Format is
	 * num_bits in decimal
	 * <space>
	 * e, bignum in decimal
	 * <space>
	 * n, bignum in decimal
	 * <space>
	 * optional comment
	 * newline
	 */
	unsigned numBits = BN_num_bits(rsa->n);
	char bitString[20];
	UInt8 c = ' ';

	snprintf(bitString, sizeof(bitString), "%u ", numBits);
	CFDataAppendBytes(cfOut, (const UInt8 *)bitString, strlen(bitString));
	if((ourRtn = appendBigNumDec(cfOut, rsa->e))) {
		goto errOut;
	}
	CFDataAppendBytes(cfOut, &c, 1);
	if((ourRtn = appendBigNumDec(cfOut, rsa->n))) {
		goto errOut;
	}
	
	if(descData.Length) {
		/* optional comment */
		CFDataAppendBytes(cfOut, &c, 1);
		CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	}

	c = '\n';
	CFDataAppendBytes(cfOut, &c, 1);
	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
errOut:
	CFRelease(cfOut);
	return ourRtn;
}

CSSM_RETURN RSAPublicKeyDecodeOpenSSH1(
	RSA 			*rsa, 
	void 			*p, 
	size_t			length)
{
	const unsigned char *cp = (const unsigned char *)p;
	unsigned remLen = (unsigned)length;
	
	skipWhite(cp, remLen);
	
	/* 
	 * cp points to start of size_in_bits in ASCII decimal; we really don't care about 
	 * this field. Find next space.
	 */
	cp = findNextWhite(cp, remLen);
	if(remLen == 0) {
		dprintf("RSAPublicKeyDecodeOpenSSH1: short key (1)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	skipWhite(cp, remLen);
	if(remLen == 0) {
		dprintf("RSAPublicKeyDecodeOpenSSH1: short key (2)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	
	/*
	 * cp points to start of e
	 */
	const unsigned char *ep = findNextWhite(cp, remLen);
	if(remLen == 0) {
		dprintf("RSAPublicKeyDecodeOpenSSH1: short key (3)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	unsigned len = (unsigned)(ep - cp);
	rsa->e = parseDecimalBn(cp, len);
	if(rsa->e == NULL) {
		return CSSMERR_CSP_INVALID_KEY;
	}
	cp += len;
	
	skipWhite(cp, remLen);
	if(remLen == 0) {
		dprintf("RSAPublicKeyDecodeOpenSSH1: short key (4)\n");
		return -1;
	}
	
	/* cp points to start of n */
	ep = findNextWhite(cp, remLen);
	len = (unsigned)(ep - cp);
	rsa->n = parseDecimalBn(cp, len);
	if(rsa->n == NULL) {
		return CSSMERR_CSP_INVALID_KEY;
	}
	
	/* remainder is comment, we ignore */
	return CSSM_OK;

}

CSSM_RETURN RSAPrivateKeyEncodeOpenSSH1(
	RSA 			*rsa, 
	const CssmData	&descData,
	CssmOwnedData	&encodedKey)
{
	CFDataRef cfOut;
	CSSM_RETURN ourRtn;

	ourRtn = encodeOpenSSHv1PrivKey(rsa, descData.Data, (unsigned)descData.Length, NULL, &cfOut);
	if(ourRtn) {
		return ourRtn;
	}
	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	CFRelease(cfOut);
	return CSSM_OK;
}

extern CSSM_RETURN RSAPrivateKeyDecodeOpenSSH1(
	RSA 			*openKey, 
	void 			*p, 
	size_t			length)
{
	return decodeOpenSSHv1PrivKey((const unsigned char *)p, (unsigned)length,
		openKey, NULL, NULL, NULL);
}

#pragma mark -- RSA OpenSSHv2 ---

CSSM_RETURN RSAPublicKeyEncodeOpenSSH2(
	RSA 			*rsa, 
	const CssmData	&descData,
	CssmOwnedData	&encodedKey)
{
	unsigned char *b64 = NULL;
	unsigned b64Len;
	UInt8 c;
	
	/* 
	 * First, the inner base64-encoded blob, consisting of
	 * ssh-rsa
	 * e
	 * n
	 */
	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
	CSSM_RETURN ourRtn = CSSM_OK;
	appendString(cfOut, SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER));
	if((ourRtn = appendBigNum2(cfOut, rsa->e))) {
		goto errOut;
	}
	if((ourRtn = appendBigNum2(cfOut, rsa->n))) {
		goto errOut;
	}
	
	/* base64 encode that */
	b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), (unsigned)CFDataGetLength(cfOut), &b64Len);
	
	/* cuEnc64 added newline and NULL, which we really don't want */
	b64Len -= 2;
	
	/* Now start over, dropping that base64 into a public blob. */
	CFDataSetLength(cfOut, 0);
	CFDataAppendBytes(cfOut, (UInt8 *)SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER));
	c = ' ';
	CFDataAppendBytes(cfOut, &c, 1);
	CFDataAppendBytes(cfOut, b64, b64Len);
	
	if(descData.Length) {
		/* optional comment */
		CFDataAppendBytes(cfOut, &c, 1);
		CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	}
	
	/* finish it with a newline */
	c = '\n';
	CFDataAppendBytes(cfOut, &c, 1);
	
	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
errOut:
	CFRelease(cfOut);
	if(b64) {
		free(b64);
	}
	return ourRtn;
}

CSSM_RETURN RSAPublicKeyDecodeOpenSSH2(
	RSA 			*rsa, 
	void 			*p, 
	size_t			length)
{
	const unsigned char *key = (const unsigned char *)p;
	unsigned keyLen = (unsigned)length;
	CSSM_RETURN ourRtn;
	
	/* 
	 * Verify header
	 * get base64-decoded blob 
	 */
	unsigned char *decodedBlob = NULL;
	unsigned decodedBlobLen = 0;
	if((ourRtn = parseSSH2PubKey(key, keyLen, SSH2_RSA_HEADER, &decodedBlob, &decodedBlobLen))) {
		return ourRtn;
	}
	/* subsequent errors to errOut: */
	
	/*
	 * The inner base64-decoded blob, consisting of
	 * ssh-rsa
	 * e
	 * n
	 */
	uint32_t decLen;
	unsigned len;
	
	key = decodedBlob;
	keyLen = decodedBlobLen;
	if(keyLen < 12) {
		/* three length fields at least */
		dprintf("RSAPublicKeyDecodeOpenSSH2: short record(2)\n");
		ourRtn = -1;
		goto errOut;
	}
	decLen = readUint32(key, keyLen);
	len = strlen(SSH2_RSA_HEADER);
	if(decLen != len) {
		dprintf("RSAPublicKeyDecodeOpenSSH2: bad header (2)\n");
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	if(memcmp(SSH2_RSA_HEADER, key, len)) {
		dprintf("RSAPublicKeyDecodeOpenSSH2: bad header (1)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	key += len;
	keyLen -= len;
	
	rsa->e = readBigNum2(key, keyLen);
	if(rsa->e == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	rsa->n = readBigNum2(key, keyLen);
	if(rsa->n == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}

errOut:
	free(decodedBlob);
	return ourRtn;
}

#pragma mark -- DSA OpenSSHv2 ---

CSSM_RETURN DSAPublicKeyEncodeOpenSSH2(
	DSA 			*dsa, 
	const CssmData	&descData,
	CssmOwnedData	&encodedKey)
{
	unsigned char *b64 = NULL;
	unsigned b64Len;
	UInt8 c;
	
	/* 
	 * First, the inner base64-encoded blob, consisting of
	 * ssh-dss
	 * p
	 * q
	 * g
	 * pub_key
	 */
	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
	int ourRtn = 0;
	appendString(cfOut, SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER));
	if((ourRtn = appendBigNum2(cfOut, dsa->p))) {
		goto errOut;
	}
	if((ourRtn = appendBigNum2(cfOut, dsa->q))) {
		goto errOut;
	}
	if((ourRtn = appendBigNum2(cfOut, dsa->g))) {
		goto errOut;
	}
	if((ourRtn = appendBigNum2(cfOut, dsa->pub_key))) {
		goto errOut;
	}
	
	/* base64 encode that */
	b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), (unsigned)CFDataGetLength(cfOut), &b64Len);
	
	/* cuEnc64 added newline and NULL, which we really don't want */
	b64Len -= 2;
	
	/* Now start over, dropping that base64 into a public blob. */
	CFDataSetLength(cfOut, 0);
	CFDataAppendBytes(cfOut, (UInt8 *)SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER));
	c = ' ';
	CFDataAppendBytes(cfOut, &c, 1);
	CFDataAppendBytes(cfOut, b64, b64Len);
	
	if(descData.Length) {
		/* optional comment */
		CFDataAppendBytes(cfOut, &c, 1);
		CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	}
	
	/* finish it with a newline */
	c = '\n';
	CFDataAppendBytes(cfOut, &c, 1);
	
	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	
errOut:
	CFRelease(cfOut);
	if(b64) {
		free(b64);
	}
	return ourRtn;
}

CSSM_RETURN DSAPublicKeyDecodeOpenSSH2(
	DSA 			*dsa, 
	void 			*p, 
	size_t			length)
{
	const unsigned char *key = (const unsigned char *)p;
	unsigned keyLen = (unsigned)length;
	CSSM_RETURN ourRtn;
	
	/* 
	 * Verify header
	 * get base64-decoded blob 
	 */
	unsigned char *decodedBlob = NULL;
	unsigned decodedBlobLen = 0;
	if((ourRtn = parseSSH2PubKey(key, keyLen, SSH2_DSA_HEADER, &decodedBlob, &decodedBlobLen))) {
		return ourRtn;
	}
	/* subsequent errors to errOut: */
	
	/*
	 * The inner base64-decoded blob, consisting of
	 * ssh-dss
	 * p
	 * q
	 * g
	 * pub_key
	 */
	uint32_t decLen;
	unsigned len;
	
	key = decodedBlob;
	keyLen = decodedBlobLen;
	if(keyLen < 20) {
		/* five length fields at least */
		dprintf("DSAPublicKeyDecodeOpenSSH2: short record(2)\n");
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	decLen = readUint32(key, keyLen);
	len = strlen(SSH2_DSA_HEADER);
	if(decLen != len) {
		dprintf("DSAPublicKeyDecodeOpenSSH2: bad header (2)\n");
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	if(memcmp(SSH2_DSA_HEADER, key, len)) {
		dprintf("DSAPublicKeyDecodeOpenSSH2: bad header (1)\n");
		return CSSMERR_CSP_INVALID_KEY;
	}
	key += len;
	keyLen -= len;
	
	dsa->p = readBigNum2(key, keyLen);
	if(dsa->p == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	dsa->q = readBigNum2(key, keyLen);
	if(dsa->q == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	dsa->g = readBigNum2(key, keyLen);
	if(dsa->g == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}
	dsa->pub_key = readBigNum2(key, keyLen);
	if(dsa->pub_key == NULL) {
		ourRtn = CSSMERR_CSP_INVALID_KEY;
		goto errOut;
	}

errOut:
	free(decodedBlob);
	return ourRtn;

}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2006,2011-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	/*
	26	* opensshCoding.cpp - Encoding and decoding of OpenSSH format public keys.
	27	*
b1ab9ed8 A	28	*/
	29
	30	#include "opensshCoding.h"
	31	#include <CoreFoundation/CFData.h>
6b200bc3 A	32	#include <openssl/bn_legacy.h>
6b200bc3 A	33	#include <openssl/crypto_legacy.h>
b1ab9ed8 A	34	#include <security_cdsa_utils/cuEnc64.h>
	35
	36	#define SSH2_RSA_HEADER "ssh-rsa"
	37	#define SSH2_DSA_HEADER "ssh-dss"
	38
	39	#ifndef NDEBUG
	40	#include <stdio.h>
	41	#define dprintf(s...) printf(s)
	42	#else
	43	#define dprintf(...)
	44	#endif
	45
	46	#pragma mark --- commmon code ---
	47
	48	uint32_t readUint32(
	49	const unsigned char *&cp, // IN/OUT
	50	unsigned &len) // IN/OUT
	51	{
	52	uint32_t r = 0;
	53
	54	for(unsigned dex=0; dex<sizeof(uint32_t); dex++) {
	55	r <<= 8;
	56	r \|= *cp++;
	57	}
	58	len -= 4;
	59	return r;
	60	}
	61
	62	void appendUint32(
	63	CFMutableDataRef cfOut,
	64	uint32_t ui)
	65	{
	66	UInt8 buf[sizeof(uint32_t)];
	67
	68	for(int dex=(sizeof(uint32_t) - 1); dex>=0; dex--) {
	69	buf[dex] = ui & 0xff;
	70	ui >>= 8;
	71	}
	72	CFDataAppendBytes(cfOut, buf, sizeof(uint32_t));
	73	}
	74
	75
	76	/* parse text as decimal, return BIGNUM */
	77	static BIGNUM *parseDecimalBn(
	78	const unsigned char *cp,
	79	unsigned len)
	80	{
	81	for(unsigned dex=0; dex<len; dex++) {
	82	char c = *cp;
	83	if((c < '0') \|\| (c > '9')) {
	84	return NULL;
	85	}
	86	}
	87	char str = (char )malloc(len + 1);
	88	memmove(str, cp, len);
	89	str[len] = '\0';
	90	BIGNUM *bn = NULL;
	91	BN_dec2bn(&bn, str);
	92	free(str);
	93	return bn;
	94	}
	95
	96	/* write BIGNUM, OpenSSH v2 format (with a 4-byte byte count) */
	97	static CSSM_RETURN appendBigNum2(
98	CFMutableDataRef cfOut,
99	const BIGNUM *bn)
100	{
101	if(bn == NULL) {
102	dprintf("appendBigNum2: NULL bn");
103	return CSSMERR_CSP_INTERNAL_ERROR;
104	}
105	if (BN_is_zero(bn)) {
106	appendUint32(cfOut, 0);
107	return 0;
108	}
109	if(bn->neg) {
110	dprintf("appendBigNum2: negative numbers not supported\n");
111	return CSSMERR_CSP_INTERNAL_ERROR;
112	}
113	int numBytes = BN_num_bytes(bn);
79b9da22 A	114	unsigned char buf = (unsigned char)malloc(numBytes);
	115	if (buf == NULL) {
	116	dprintf("appendBigNum: Cannot allocate a temp BN buffer\n");
	117	return CSSMERR_CSSM_MEMORY_ERROR;
	118	}
b1ab9ed8 A	119	int moved = BN_bn2bin(bn, buf);
	120	if(moved != numBytes) {
	121	dprintf("appendBigNum: BN_bn2bin() screwup\n");
79b9da22	122	free(buf);
b1ab9ed8 A	123	return CSSMERR_CSP_INTERNAL_ERROR;
	124	}
	125	bool appendZero = false;
	126	if(buf[0] & 0x80) {
	127	/* prepend leading zero to make it positive */
	128	appendZero = true;
	129	numBytes++; // to encode the correct 4-byte length
	130	}
	131	appendUint32(cfOut, (uint32_t)numBytes);
	132	if(appendZero) {
	133	UInt8 z = 0;
	134	CFDataAppendBytes(cfOut, &z, 1);
	135	numBytes--; // to append the correct number of bytes
	136	}
	137	CFDataAppendBytes(cfOut, buf, numBytes);
	138	memset(buf, 0, numBytes);
79b9da22	139	free(buf);
b1ab9ed8 A	140	return CSSM_OK;
	141	}
	142
	143	/* read BIGNUM, OpenSSH-2 mpint version */
	144	static BIGNUM *readBigNum2(
	145	const unsigned char *&cp, // IN/OUT
	146	unsigned &remLen) // IN/OUT
	147	{
	148	if(remLen < 4) {
	149	dprintf("readBigNum2: short record(1)\n");
	150	return NULL;
	151	}
	152	uint32_t bytes = readUint32(cp, remLen);
	153	if(remLen < bytes) {
	154	dprintf("readBigNum2: short record(2)\n");
	155	return NULL;
	156	}
	157	BIGNUM *bn = BN_bin2bn(cp, bytes, NULL);
	158	if(bn == NULL) {
	159	dprintf("readBigNum2: BN_bin2bn error\n");
	160	return NULL;
	161	}
	162	cp += bytes;
	163	remLen -= bytes;
	164	return bn;
	165	}
	166
	167	/* Write BIGNUM, OpenSSH-1 decimal (public key) version */
	168	static CSSM_RETURN appendBigNumDec(
	169	CFMutableDataRef cfOut,
	170	const BIGNUM *bn)
	171	{
	172	char *buf = BN_bn2dec(bn);
	173	if(buf == NULL) {
	174	dprintf("appendBigNumDec: BN_bn2dec() error");
	175	return CSSMERR_CSP_INTERNAL_ERROR;
	176	}
	177	CFDataAppendBytes(cfOut, (const UInt8 *)buf, strlen(buf));
	178	Free(buf);
	179	return CSSM_OK;
	180	}
	181
	182	/* write string, OpenSSH v2 format (with a 4-byte byte count) */
	183	static void appendString(
	184	CFMutableDataRef cfOut,
	185	const char *str,
	186	unsigned strLen)
	187	{
	188	appendUint32(cfOut, (uint32_t)strLen);
	189	CFDataAppendBytes(cfOut, (UInt8 *)str, strLen);
	190	}
	191
	192	/* skip whitespace */
	193	static void skipWhite(
	194	const unsigned char *&cp,
	195	unsigned &bytesLeft)
	196	{
	197	while(bytesLeft != 0) {
	198	if(isspace((int)(*cp))) {
	199	cp++;
	200	bytesLeft--;
	201	}
	202	else {
	203	return;
204	}
205	}
206	}
207
208	/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */
209	static const unsigned char *findNextWhite(
210	const unsigned char *cp,
211	unsigned &bytesLeft)
212	{
213	while(bytesLeft != 0) {
214	if(isspace((int)(*cp))) {
215	return cp;
216	}
217	cp++;
218	bytesLeft--;
219	}
220	return cp;
221	}
222
223
224	/*
225	* Decode components from an SSHv2 public key.
226	* Also verifies the leading header, e.g. "ssh-rsa".
227	* The returned decodedBlob is algorithm-specific.
228	*/
229	static CSSM_RETURN parseSSH2PubKey(
230	const unsigned char *key,
231	unsigned keyLen,
232	const char *header, // SSH2_RSA_HEADER, SSH2_DSA_HEADER
233	unsigned char **decodedBlob, // mallocd and RETURNED
234	unsigned *decodedBlobLen) // RETURNED
235	{
427c49bc	236	size_t len = strlen(header);
b1ab9ed8 A	237	*decodedBlob = NULL;
	238
	239	/* ID string plus at least one space */
	240	if(keyLen < (len + 1)) {
	241	dprintf("parseSSH2PubKey: short record(1)\n");
	242	return CSSMERR_CSP_INVALID_KEY;
	243	}
	244
	245	if(memcmp(header, key, len)) {
	246	dprintf("parseSSH2PubKey: bad header (1)\n");
	247	return CSSMERR_CSP_INVALID_KEY;
	248	}
	249	key += len;
	250	if(*key++ != ' ') {
	251	dprintf("parseSSH2PubKey: bad header (2)\n");
	252	return CSSMERR_CSP_INVALID_KEY;
	253	}
	254	keyLen -= (len + 1);
	255
	256	/* key points to first whitespace after header */
	257	skipWhite(key, keyLen);
	258	if(keyLen == 0) {
	259	dprintf("parseSSH2PubKey: short key\n");
	260	return CSSMERR_CSP_INVALID_KEY;
	261	}
	262
	263	/* key is start of base64 blob */
	264	const unsigned char *encodedBlob = key;
	265	const unsigned char *endBlob = findNextWhite(key, keyLen);
427c49bc	266	unsigned encodedBlobLen = (unsigned)(endBlob - encodedBlob);
b1ab9ed8 A	267
	268	/* decode base 64 */
	269	*decodedBlob = cuDec64(encodedBlob, encodedBlobLen, decodedBlobLen);
	270	if(*decodedBlob == NULL) {
	271	dprintf("parseSSH2PubKey: base64 decode error\n");
	272	return CSSMERR_CSP_INVALID_KEY;
	273	}
	274
	275	/* skip remainder; it's comment */
	276
	277	return CSSM_OK;
	278	}
	279
	280
	281	#pragma mark -- RSA OpenSSHv1 ---
	282
	283	CSSM_RETURN RSAPublicKeyEncodeOpenSSH1(
	284	RSA *rsa,
	285	const CssmData &descData,
	286	CssmOwnedData &encodedKey)
	287	{
	288	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
	289	CSSM_RETURN ourRtn = CSSM_OK;
	290
	291	/*
	292	* Format is
	293	* num_bits in decimal
	294	* <space>
	295	* e, bignum in decimal
	296	* <space>
	297	* n, bignum in decimal
	298	* <space>
	299	* optional comment
	300	* newline
	301	*/
	302	unsigned numBits = BN_num_bits(rsa->n);
	303	char bitString[20];
	304	UInt8 c = ' ';
	305
	306	snprintf(bitString, sizeof(bitString), "%u ", numBits);
	307	CFDataAppendBytes(cfOut, (const UInt8 *)bitString, strlen(bitString));
427c49bc	308	if((ourRtn = appendBigNumDec(cfOut, rsa->e))) {
b1ab9ed8 A	309	goto errOut;
	310	}
	311	CFDataAppendBytes(cfOut, &c, 1);
427c49bc	312	if((ourRtn = appendBigNumDec(cfOut, rsa->n))) {
b1ab9ed8 A	313	goto errOut;
	314	}
	315
	316	if(descData.Length) {
	317	/* optional comment */
	318	CFDataAppendBytes(cfOut, &c, 1);
	319	CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	320	}
	321
	322	c = '\n';
	323	CFDataAppendBytes(cfOut, &c, 1);
	324	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	325	errOut:
	326	CFRelease(cfOut);
	327	return ourRtn;
	328	}
	329
	330	CSSM_RETURN RSAPublicKeyDecodeOpenSSH1(
	331	RSA *rsa,
	332	void *p,
	333	size_t length)
	334	{
	335	const unsigned char cp = (const unsigned char )p;
427c49bc	336	unsigned remLen = (unsigned)length;
b1ab9ed8 A	337
	338	skipWhite(cp, remLen);
	339
	340	/*
	341	* cp points to start of size_in_bits in ASCII decimal; we really don't care about
	342	* this field. Find next space.
	343	*/
	344	cp = findNextWhite(cp, remLen);
	345	if(remLen == 0) {
	346	dprintf("RSAPublicKeyDecodeOpenSSH1: short key (1)\n");
	347	return CSSMERR_CSP_INVALID_KEY;
	348	}
	349	skipWhite(cp, remLen);
	350	if(remLen == 0) {
	351	dprintf("RSAPublicKeyDecodeOpenSSH1: short key (2)\n");
	352	return CSSMERR_CSP_INVALID_KEY;
	353	}
	354
	355	/*
	356	* cp points to start of e
	357	*/
	358	const unsigned char *ep = findNextWhite(cp, remLen);
	359	if(remLen == 0) {
	360	dprintf("RSAPublicKeyDecodeOpenSSH1: short key (3)\n");
	361	return CSSMERR_CSP_INVALID_KEY;
	362	}
427c49bc	363	unsigned len = (unsigned)(ep - cp);
b1ab9ed8 A	364	rsa->e = parseDecimalBn(cp, len);
	365	if(rsa->e == NULL) {
	366	return CSSMERR_CSP_INVALID_KEY;
	367	}
	368	cp += len;
	369
	370	skipWhite(cp, remLen);
	371	if(remLen == 0) {
	372	dprintf("RSAPublicKeyDecodeOpenSSH1: short key (4)\n");
	373	return -1;
	374	}
	375
	376	/* cp points to start of n */
	377	ep = findNextWhite(cp, remLen);
427c49bc	378	len = (unsigned)(ep - cp);
b1ab9ed8 A	379	rsa->n = parseDecimalBn(cp, len);
	380	if(rsa->n == NULL) {
	381	return CSSMERR_CSP_INVALID_KEY;
	382	}
	383
	384	/* remainder is comment, we ignore */
	385	return CSSM_OK;
	386
	387	}
	388
	389	CSSM_RETURN RSAPrivateKeyEncodeOpenSSH1(
	390	RSA *rsa,
	391	const CssmData &descData,
	392	CssmOwnedData &encodedKey)
	393	{
	394	CFDataRef cfOut;
	395	CSSM_RETURN ourRtn;
	396
427c49bc	397	ourRtn = encodeOpenSSHv1PrivKey(rsa, descData.Data, (unsigned)descData.Length, NULL, &cfOut);
b1ab9ed8 A	398	if(ourRtn) {
	399	return ourRtn;
	400	}
	401	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	402	CFRelease(cfOut);
	403	return CSSM_OK;
	404	}
	405
	406	extern CSSM_RETURN RSAPrivateKeyDecodeOpenSSH1(
	407	RSA *openKey,
	408	void *p,
	409	size_t length)
	410	{
427c49bc	411	return decodeOpenSSHv1PrivKey((const unsigned char *)p, (unsigned)length,
b1ab9ed8 A	412	openKey, NULL, NULL, NULL);
	413	}
	414
	415	#pragma mark -- RSA OpenSSHv2 ---
	416
	417	CSSM_RETURN RSAPublicKeyEncodeOpenSSH2(
	418	RSA *rsa,
	419	const CssmData &descData,
	420	CssmOwnedData &encodedKey)
	421	{
	422	unsigned char *b64 = NULL;
	423	unsigned b64Len;
	424	UInt8 c;
	425
	426	/*
	427	* First, the inner base64-encoded blob, consisting of
	428	* ssh-rsa
	429	* e
	430	* n
	431	*/
	432	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
	433	CSSM_RETURN ourRtn = CSSM_OK;
	434	appendString(cfOut, SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER));
427c49bc	435	if((ourRtn = appendBigNum2(cfOut, rsa->e))) {
b1ab9ed8 A	436	goto errOut;
b1ab9ed8 A	437	}
427c49bc	438	if((ourRtn = appendBigNum2(cfOut, rsa->n))) {
b1ab9ed8 A	439	goto errOut;
	440	}
	441
	442	/* base64 encode that */
427c49bc	443	b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), (unsigned)CFDataGetLength(cfOut), &b64Len);
b1ab9ed8 A	444
	445	/* cuEnc64 added newline and NULL, which we really don't want */
	446	b64Len -= 2;
	447
	448	/* Now start over, dropping that base64 into a public blob. */
	449	CFDataSetLength(cfOut, 0);
	450	CFDataAppendBytes(cfOut, (UInt8 *)SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER));
	451	c = ' ';
	452	CFDataAppendBytes(cfOut, &c, 1);
	453	CFDataAppendBytes(cfOut, b64, b64Len);
	454
	455	if(descData.Length) {
	456	/* optional comment */
	457	CFDataAppendBytes(cfOut, &c, 1);
	458	CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	459	}
	460
	461	/* finish it with a newline */
	462	c = '\n';
	463	CFDataAppendBytes(cfOut, &c, 1);
	464
	465	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	466	errOut:
	467	CFRelease(cfOut);
	468	if(b64) {
	469	free(b64);
	470	}
	471	return ourRtn;
	472	}
	473
	474	CSSM_RETURN RSAPublicKeyDecodeOpenSSH2(
	475	RSA *rsa,
	476	void *p,
	477	size_t length)
	478	{
	479	const unsigned char key = (const unsigned char )p;
427c49bc	480	unsigned keyLen = (unsigned)length;
b1ab9ed8 A	481	CSSM_RETURN ourRtn;
	482
	483	/*
	484	* Verify header
	485	* get base64-decoded blob
	486	*/
	487	unsigned char *decodedBlob = NULL;
	488	unsigned decodedBlobLen = 0;
427c49bc	489	if((ourRtn = parseSSH2PubKey(key, keyLen, SSH2_RSA_HEADER, &decodedBlob, &decodedBlobLen))) {
b1ab9ed8 A	490	return ourRtn;
	491	}
	492	/* subsequent errors to errOut: */
	493
	494	/*
	495	* The inner base64-decoded blob, consisting of
	496	* ssh-rsa
	497	* e
	498	* n
	499	*/
	500	uint32_t decLen;
	501	unsigned len;
	502
	503	key = decodedBlob;
	504	keyLen = decodedBlobLen;
	505	if(keyLen < 12) {
	506	/* three length fields at least */
	507	dprintf("RSAPublicKeyDecodeOpenSSH2: short record(2)\n");
	508	ourRtn = -1;
	509	goto errOut;
	510	}
	511	decLen = readUint32(key, keyLen);
	512	len = strlen(SSH2_RSA_HEADER);
	513	if(decLen != len) {
	514	dprintf("RSAPublicKeyDecodeOpenSSH2: bad header (2)\n");
	515	ourRtn = CSSMERR_CSP_INVALID_KEY;
	516	goto errOut;
	517	}
	518	if(memcmp(SSH2_RSA_HEADER, key, len)) {
	519	dprintf("RSAPublicKeyDecodeOpenSSH2: bad header (1)\n");
	520	return CSSMERR_CSP_INVALID_KEY;
	521	}
	522	key += len;
	523	keyLen -= len;
	524
	525	rsa->e = readBigNum2(key, keyLen);
	526	if(rsa->e == NULL) {
	527	ourRtn = CSSMERR_CSP_INVALID_KEY;
	528	goto errOut;
	529	}
	530	rsa->n = readBigNum2(key, keyLen);
	531	if(rsa->n == NULL) {
	532	ourRtn = CSSMERR_CSP_INVALID_KEY;
	533	goto errOut;
	534	}
	535
	536	errOut:
	537	free(decodedBlob);
	538	return ourRtn;
	539	}
	540
	541	#pragma mark -- DSA OpenSSHv2 ---
	542
	543	CSSM_RETURN DSAPublicKeyEncodeOpenSSH2(
	544	DSA *dsa,
	545	const CssmData &descData,
	546	CssmOwnedData &encodedKey)
	547	{
	548	unsigned char *b64 = NULL;
	549	unsigned b64Len;
	550	UInt8 c;
	551
	552	/*
	553	* First, the inner base64-encoded blob, consisting of
554	* ssh-dss
555	* p
556	* q
557	* g
558	* pub_key
559	*/
560	CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0);
561	int ourRtn = 0;
562	appendString(cfOut, SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER));
427c49bc	563	if((ourRtn = appendBigNum2(cfOut, dsa->p))) {
b1ab9ed8 A	564	goto errOut;
b1ab9ed8 A	565	}
427c49bc	566	if((ourRtn = appendBigNum2(cfOut, dsa->q))) {
b1ab9ed8 A	567	goto errOut;
b1ab9ed8 A	568	}
427c49bc	569	if((ourRtn = appendBigNum2(cfOut, dsa->g))) {
b1ab9ed8 A	570	goto errOut;
b1ab9ed8 A	571	}
427c49bc	572	if((ourRtn = appendBigNum2(cfOut, dsa->pub_key))) {
b1ab9ed8 A	573	goto errOut;
	574	}
	575
	576	/* base64 encode that */
427c49bc	577	b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), (unsigned)CFDataGetLength(cfOut), &b64Len);
b1ab9ed8 A	578
	579	/* cuEnc64 added newline and NULL, which we really don't want */
	580	b64Len -= 2;
	581
	582	/* Now start over, dropping that base64 into a public blob. */
	583	CFDataSetLength(cfOut, 0);
	584	CFDataAppendBytes(cfOut, (UInt8 *)SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER));
	585	c = ' ';
	586	CFDataAppendBytes(cfOut, &c, 1);
	587	CFDataAppendBytes(cfOut, b64, b64Len);
	588
	589	if(descData.Length) {
	590	/* optional comment */
	591	CFDataAppendBytes(cfOut, &c, 1);
	592	CFDataAppendBytes(cfOut, (UInt8 *)descData.Data, descData.Length);
	593	}
	594
	595	/* finish it with a newline */
	596	c = '\n';
	597	CFDataAppendBytes(cfOut, &c, 1);
	598
	599	encodedKey.copy(CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut));
	600
	601	errOut:
	602	CFRelease(cfOut);
	603	if(b64) {
	604	free(b64);
	605	}
	606	return ourRtn;
	607	}
	608
	609	CSSM_RETURN DSAPublicKeyDecodeOpenSSH2(
	610	DSA *dsa,
	611	void *p,
	612	size_t length)
	613	{
	614	const unsigned char key = (const unsigned char )p;
427c49bc	615	unsigned keyLen = (unsigned)length;
b1ab9ed8 A	616	CSSM_RETURN ourRtn;
	617
	618	/*
	619	* Verify header
	620	* get base64-decoded blob
	621	*/
	622	unsigned char *decodedBlob = NULL;
	623	unsigned decodedBlobLen = 0;
427c49bc	624	if((ourRtn = parseSSH2PubKey(key, keyLen, SSH2_DSA_HEADER, &decodedBlob, &decodedBlobLen))) {
b1ab9ed8 A	625	return ourRtn;
	626	}
	627	/* subsequent errors to errOut: */
	628
	629	/*
	630	* The inner base64-decoded blob, consisting of
	631	* ssh-dss
	632	* p
	633	* q
	634	* g
	635	* pub_key
	636	*/
	637	uint32_t decLen;
	638	unsigned len;
	639
	640	key = decodedBlob;
	641	keyLen = decodedBlobLen;
	642	if(keyLen < 20) {
	643	/* five length fields at least */
	644	dprintf("DSAPublicKeyDecodeOpenSSH2: short record(2)\n");
	645	ourRtn = CSSMERR_CSP_INVALID_KEY;
	646	goto errOut;
	647	}
	648	decLen = readUint32(key, keyLen);
	649	len = strlen(SSH2_DSA_HEADER);
	650	if(decLen != len) {
	651	dprintf("DSAPublicKeyDecodeOpenSSH2: bad header (2)\n");
	652	ourRtn = CSSMERR_CSP_INVALID_KEY;
	653	goto errOut;
	654	}
	655	if(memcmp(SSH2_DSA_HEADER, key, len)) {
	656	dprintf("DSAPublicKeyDecodeOpenSSH2: bad header (1)\n");
	657	return CSSMERR_CSP_INVALID_KEY;
	658	}
	659	key += len;
	660	keyLen -= len;
	661
	662	dsa->p = readBigNum2(key, keyLen);
	663	if(dsa->p == NULL) {
	664	ourRtn = CSSMERR_CSP_INVALID_KEY;
	665	goto errOut;
	666	}
	667	dsa->q = readBigNum2(key, keyLen);
	668	if(dsa->q == NULL) {
	669	ourRtn = CSSMERR_CSP_INVALID_KEY;
	670	goto errOut;
	671	}
	672	dsa->g = readBigNum2(key, keyLen);
	673	if(dsa->g == NULL) {
	674	ourRtn = CSSMERR_CSP_INVALID_KEY;
	675	goto errOut;
	676	}
	677	dsa->pub_key = readBigNum2(key, keyLen);
	678	if(dsa->pub_key == NULL) {
	679	ourRtn = CSSMERR_CSP_INVALID_KEY;
	680	goto errOut;
	681	}
	682
	683	errOut:
	684	free(decodedBlob);
	685	return ourRtn;
	686
	687	}
	688